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(54) A METHOD WHICH IS ABLE TO CENTRALIZE THE ADMINISTRATION OF THE USER 
REGISTERED INFORMATION ACROSS NETWORKS 



(57) A method for centralizing administration of user 
registration information across networks is provided. It 
includes at least an Internet Content Provider (ICP) and 
a user-login-identification means, which can access an 
online terminal. The ICP adds an interface module in a 
login web page and accesses the user-login-identifica- 
tion means via the interface module. In addition, the ICP 
provides an administration/drive module monitoring ac- 
cess of the user-login-identification means to set up a 
connection and hang up the connection for the user- 
login-identification means in the login web page. The us- 
er-login-identification means has an ID number, and us- 
er's login identification information is stored in the user- 
login-identification means. According to the method and 
system of the present invention, the user is quickly and 
conveniently provided with a safe and universal login 
mode, in the case that the Internet Content Provider 
(ICP) makes no modification or only simple medications 
to the web page. The user not only can log in networks 
by using the login identification means which is safe and 
flexible but also can move conveniently at any time. 
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Description 
Technical Field 

[0001] The present invention relates to a method and * 
a system for identifying and administrating user regis- 
tration information in networks, and more particularly, to 
a method and a system for centralizing administration 
of the user registration information across networks. 
The invention belongs to the computer technical field. 

Background of The Invention 

[0002] Network is increasingly involved in people's 
daily life. Using a network to exchange and transmit in- 
formation is becoming a more and more important infor- 
mation alternating communication method. In an actual 
operation, a user has to enter his usemame and pass- 
word when logging in a website. The network will only 
provide the user with particular services after the user 
is identified. These operations become very bothering 
when the user has registered on a plurality of websites. 
[0003] Microsoft has provided a network passport 
identification service, which allows the user using one 
usemame and one password to access appendant web- 
sites of Microsoft.com and increasing number of partic- 
ipant websites. 

[0004] Microsoft Passport is a kind of mono-service, 
which allows the user using only one usemame and one 
password to access appendent websites of Microsoft, 
com and increasing number of participant websites. 
Owning a Passport means that you only need to remem- 
ber one usemame and one password, and the tech- 
nique is very easy. Because there is only one usemame 
and password to remember, you need only one click op- 
eration to log in other websites after you have logged in 
a participant website, and it is very fast. A user can store 
his information in the passport login profile, therefore he 
will not have to enter his personal information once more 
while accessing other participant websites, which is saf- 
er. The user's personal information is protected by a 
powerful encryption technology and rigid privacy secu- 
rity measures, and the user can always control which 
website is able to access his personal information in- 
cluding his e-mail and mail addresses. Furthermore, 
when the user logs out, all the information related to his 
passport will be deleted from the computer, so it is safe 
to use his personal information on public or shared com- 
puters. 

[0005] Once having a .NET passport, the user can ac- 
cess each new website without registering usemame 
and password — as long as he has logged in any one 
of the participant websites or services by using his email 
address and password which were adopted in register- 
ing the .NET Passport. When the user enters his user- 
name and password in the login box to log in a .NET 
passport participant website, the .NET Passport will ver- 
ify the following information: 



[0006] Whether the entered usemame has been reg- 
istered as .NET Passport; whether the entered pass- 
word is correct. If the result is positive, the .NET Pass- 
port service will inform the website about the user ID (in 
the case that valid login certification has been provided), 
and then the user will be permitted to access the partic- 
ipant website. Once having logged in a participant web- 
site of the .NET Passport during an Internet session, the 
user can log in other participant websites by a single 
click on the ".NET Passport login" button in each partic- 
ipant website. 

[0007] The user's operation comprises the following 
steps: 

1 . Register the usemame and password of the .NET 
Passport (the usemame is an Email address); 

2. Log in any of the participant websites or services; 

3. Enter the usemame and password in the login 
box of the .NET Passport; 

4. The access to the participant website is permitted 
(login succeeds) if the usemame is registered as . 
NET Passport and the entered password is correct; 

5. During the Internet session, it is not necessary to 
enter the password again when the user logs in oth- 
er participant websites or services. 

[0008] Although owning a Passport means that the 
user only needs to remember one usemame and pass- 
word, it is hard to modify all the data formats uniform 
and the number of websites participating in the Passport 
is limited due to the difference of existing data formats 
of different websites. The Windows provides a function 
for remembering usemames and passwords, but it only 
fits for some personal computers since the function only 
exists in local computers which results in less security 
and portability. 

Summary of The Invention 

[0009] The object of the invention is to provide a sys- 
tem and a method for centralizing administration of user 
registration information across networks, and to quickly 
and conveniently provide a safe and universal login 
mode, in the case that the Internet Content Provider 
(ICP) makes no modification or only simple medications 
to the web page. 

[001 0] Another object of the invention is to provide a 
system and a method for centralizing administration of 
user registration information across networks. The user 
can log in networks conveniently by using the system 
which is safe, flexible and can be moved at any time. 
[0011] The objects of the invention are achieved as 
follows: 

[001 2] A method for centralizing administration of us- 
er registration information across networks, including at 
least an Internet Content Provider (ICP) and a user- 
login-identification means which can access an online 
terminal; wherein, the ICP adds an interface module in 
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a login web page and accesses the user-login-identifi- 
cation means via the interface module, and the ICP also 
provides an administration/drive module monitoring ac- 
cess of the user-login-identification means to set up a 
connection and hang up the connection for the user- 
login-identification means in the login web page; the us- 
er-login-id entifi cation means is provided with an ID 
number , and the user's login identification information 
is stored in the user-login-identification means. 
[001 3] Authenticating the ICP includes the steps of, 
obtaining an authentication file, transmitting the authen- 
tication file to the administration/drive module, decrypt- 
ing the authentication file by the administration/drive 
module, and accessing the user-login-identification 
means. 

[0014] The administration/drive module can lead in 
and/or lead out the data stored in the user-login-identi- 
fication means so as to backup the data. The adminis- 
tration/drive module can also automatically log in the 
network after the ICP has accessed user-login-identifi- 
cation means via the interface module and verified the 
identification information. 

[0015] Furthermore, the authentication between the 
ICP and the login verification serving party can also be 
achieved in online mode according to the invention. The 
ICP accesses the login verification serving party, and 
the login verification serving party transmits a code of 
the user-login-identification means to the ICP which 
adds the login identification information in the login web 
page according to the code. The interface module trans- 
mits the ICP information to the login verification serving 
party for verification, and the access to the user-login- 
identification means is permitted in the case of valid ver- 
ification. The Login verification serving party maintains 
a database of authentication files so as to manage the 
authentication files. 

[0016] The login verification serving party and/or the 
ICP website provide an interface module and an admin- 
istration/drive module, and verify whether the interface 
module and the administration/drive module have been 
downloaded. If positive, the modules are activated; if 
negative, the modules are downloaded firstly, and then 
activated. In the case that the user-login-identification 
means is in an active state, the ICP can access the user- 
login-identification means only after it has been authen- 
ticated by the login verification serving party. 
[0017] Particularly, accessing the user-login-identifi- 
cation means includes storing or reading login identifi- 
cation information in the user-login-identification 
means. The login verification serving party transmits an 
authentication file to the ICP, and the ICP accesses the 
user-login-identification means according to the file. The 
authentication file includes ICP identification informa- 
tion, and/or specific area guide information of the user- 
login-identification means and/or data processing guide 
information. 

[0018] Furthermore, a registration table of the ICP 
identification information is stored in the user-logirt- 
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identification means, and is used for guiding different 
I CPs to access the corresponding areas or contents 
while accessing the user-login-identification means. 
The administration/drive module can lead in and/or lead 

s out the data stored in the user-login-identification means 
so as to backup the data, and can also automatically log 
in the network after the ICP has accessed the user- 
login-identification means via the interface module and 
verified the identification information. 

w [001 9] Furthermore, the ICP reads out the information 
stored in the user-login-identification means via the in- 
terface module. If login identification information is ob- 
tained, the interface module returns the login identifica- 
tion information to the ICP web page and determines 

*5 whether an automatic submit and login should be per- 
formed according to the user's setup; if the login identi- 
fication information is not obtained, the interface module 
informs the web page that login identification informa- 
tion is not available and stores the generated login iden- 

20 tification information in the user-login-identification 
means. 

[0020] Storing the login identification information in- 
cludes the ICP storing the login identification information 
in the user-login-identification means via the interface 

25 module, in the case that the user logs in the ICP website 
for the first time, or the user selects to manually enter 
the login information once more, or the user-login-iden- 
tification means is used for the first time. 
[0021] The ICP web page is provided with a registra- 

30 tion information window; the ICP invokes parameters of 
the interface module and saves several sets of registra- 
tion information of the same web page or the last set of 
registration information. 

[0022] For example, The ICP web page is provided 
35 with a registration information window. The ICP access- 
es the user-login-identification means via the interface 
module and verifies the login identification information 
provided by the ICP web page, and stores the new login 
identification information in the user-login-identification 
40 means to overwrite the original login identification infor- 
mation, and then transfers the relating information to the 
ICP web page. The information is displayed on the web 
page after being obtained. 

[0023] Moreover, the ICP web page is provided with 
45 a plurality of window links to the registration information. 
The ICP reads the user-login-identification information 
stored in the user-login-identification means and verifies 
the login identification information provided by the ICP 
web page; if negative, the ICP stores the login identifi- 
so cation information in the useNogin-identification 
means, if positive, the ICP directly reads it out and trans- 
fers the relating information to the ICP web page. The 
information is displayed on the web page after being ob- 
tained. 

55 [0024] Particularly, the user login identification infor- 
mation includes the ICP identification information or the 
form information or the user identification information or 
the combination of the above. 
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[0025] A system for realizing any one of the said meth- 
ods comprises a computer, Internet networks, an ICP 
and a user-login-identification means, wherein the com- 
puter can log in the internet network to communicate 
with different ICPs; the user-login-identification means 
is capable of accessing the computer from outside and 
has at least an identification number and encryption 
storage space. The user-login-identification means per- 
forms the information transmission by operating the 
computer. 

[0026] The information transmission between the 
computer and the user-login-identification means is 
processed with encryption or decryption. The encryption 
includes protecting an encryption area by using the us- 
er's PIN code or encryption utilizing RSA 512PK1 key 
management. The user-login-identification means is al- 
so provided with a storage region for storing the infor- 
mation of the ICP itself. 

[0027] Particularly, the user-login-identification 
means can be an external and portable memory means 
with a standard data interface, or a card-reader means 
or an ID identifying means thereof, for example, a USB 
storage device, a CF card, a MMC card, a SD card, a 
SMC card, an IBM Micro Drive card, a flash storage 
module or an IC card, or the corresponding card reader 
therein. 

[0028] Moreover, the user-login-identification means 
can be a computer peripheral, such as a keyboard, a 
mouse, a handwriting board, sound boxes, or a portable 
PDA, a music player, or an electrical dictionary. 
[0029] Furthermore, the ICP of the system of this in- 
vention is connected with a login verification serving par- 
ty, which transmits the code of the user-login-identifica- 
tion means to the ICP, and the ICP adds the login iden- 
tification information on the web page according to the 
code. The interface module transmits the ICP informa- 
tion to the login verification serving party to verify the 
information, and the access to the user-login-identifica- 
tion means is permitted if the verification is valid. In par- 
ticular, the login verification serving party is a server. 
[0030] According to analyzing the above technical so- 
lution, it is obvious that the invention has the following 
advantages: 

1 . The registration information is centralized so that 
the bothering operations of logging in networks are 
simplified. 

2 . The portable hardware can be earned by the us- 
er, and can be used at any time or any place. 

3. The security of the user's personal information is 
guaranteed by the double encryption of both hard- 
ware and data. 

4. The user's operation is visual and simple be- 
cause of the practical function management provid- 
ed by the administration /drive module. 

5. The ICP doesn't need to modify the existing data 
format. 

6. The ICP obtains a flexible interface, which can 
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be extended with many customized applications be- 
sides the login application. 

Brief Description Of The Drawings 

[0031] 

Figure 1 is a schematic network system according 
to the invention; 

Figure 2 is a flowchart illustrating the user access- 
ing the ICP to download the administration/drive 
module according to the invention; 
Figure 3 is a flowchart illustrating the ICP accessing 
the user-login-identification means according to the 
invention; 

Figure 4 is a flowchart illustrating the user logging 
in the ICP by utilizing the login identification means 
according to the invention. 



[0032] Next the invention will be described in details 
in conjunction with the figures and the specific embodi- 
ments. 

[0033] As shown in figure 1, the present invention 
comprises a computer, Internet networks, an ICP and a 
user-login-identification means. The computer can log 
in the Internet network to communicate with different 
ICPs; the user-login-identification means is a device 
which can connect with the computer from outside and 
has at least an identification number and encryption 
storage space, and performs the information transmis- 
sion by operating the computer. Particularly the ICP 
adds an interface module in the login web page and ac- 
cesses the user-login-identification means via the inter- 
face module. The ICP also provides an administration/ 
drive module monitoring access of the user-login-iden- 
tification means to set up a connection and hang up the 
connection for the user-login-identification means in the 
login web page; the user-login-identification means is 
provided with an ID number, and the user's login iden- 
tification information is stored in the user-login-identifi- 
cation means. 

[0034] Particularly, the user-login-identification 
means can be an external and portable memory means 
with a standard data interface, or a card-reader means 
or an ID identifying means thereof, for example, a USB 
storage device, a CF card, a MMC card, a SD card, a 
SMC card, an IBM Micro Drive card, a flash storage 
module or an IC card, or the corresponding card reader 
therein. 

[0035] Moreover, the user-login-identification means 
can be a computer peripheral, such as a keyboard, a 
mouse, a handwriting board, sound boxes, a portable 
PDA, a music player, or an electrical dictionary. 
[0036] Wherein the user-login-identification means 
can have a unique identification number, or a plurality 
of identification numbers for the use of various people 
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by partitioned control. 
[0037] The method and system according to present 
invention provide a universal network ID, which can be 
identified uniquely. By utilizing the login-identification 
means, any user can automatically log in all the author- s 
ized ICPs or the ICPs with the right to access the login- 
identification means. 

[0038] The login verification serving party such as CA 
can proceed online authorization and authentication 
with the ICP and the user-login-identification means; au- 
thentication between the ICP and the user-login-identi- 
fication means can be self accomplished offline— with- 
out the login verification serving party participating in, 
and according to the information stored in the user- 
login-identification means. 

[0039] Wherein, the procedure of the authentication 
and login between the ICP and the user-login-identifica- 
tion means will be described in combination with the fig- 
ure 2, 3. it comprises at least an Internet Content Pro- 
vider (ICP) and a user-login-identification means which 
can access an online terminal; wherein the ICP adds an 
interface module in a login web page, and accesses the 
user-login-identification means via the interface mod- 
ule. The ICP also provides an administration/drive mod- 
ule monitoring access of the user-login-identification 
means to set up a connection and hang up the connec- 
tion for the user-login-identification means in the login 
web page; the user-login-identification means has a 
unique ID number, and is utilized in storing the user's 
login identification information. The administration/drive 
module can lead in and/or lead out data stored in the 
user-login-identification means so as to backup the da- 
ta. The administration/drive module can also automati- 
cally log in the network after the ICP has accessed the 
user-login-identification means via the interface module 
and verified the identification information. 
[0040] The steps are as follows: 

1 . Inserting the user-login-identification means and 
downloading the administration/drive module; 

2. Entering the PIN code , activating the user-login- 
identification means and logging in the web page 
requiring to enter the login information; the ICP ac- 
cess authentication information is stored in the us- 
er-login-identification means to verify whether the 
accessing ICP has been authorized to access it. 
The authentication file includes the ICP identifica- 
tion information and/or the specific area guide infor- 
mation of the user-login-identification means and/ 
or data processing guide information and/or time in- 
formation. The registration table of the ICP identifi- 
cation information is stored in the user-login-identi- 
fication means, to guide different ICPs only access- 
ing the corresponding areas or contents in the 
means. Different ICPs store or read the respective 
login-identification information in the corresponding 
areas of the user-login-identification means. 

3. The ICP accesses the user-login-identification 
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means and proceeds authentication; if the verifica- 
tion is valid, the access is permitted; otherwise, the 
access is not permitted. Wherein the accessing 
comprises checking the user ID identification infor- 
mation stored in the user-login-identification means 
or generating the user ID identification information 
in the user-login-identification means. Particularly, 
the ICP authentication comprises obtaining the au- 
thentication file via the interface module, transmit- 
ting the file to the administration/drive module, de- 
crypting the authentication file by the administra- 
tion/drive module, and accessing the user-login- 
identification means. 

4. The ICP reads the information stored in the user- 
login-identification means, and if the login identifi- 
cation information is obtained, the interface module 
returns the login identification information to the ICP 
web page and determines whether a login-submit 
or an automatic submit & login should be performed 
according to the user's setup; if the login identifica- 
tion information is not available, the interface mod- 
ule informs the web page that login identification in- 
formation is not available, and stores the generated 
login identification information in the user-login- 
identification means. Storing the login identification 
information includes the user logging in the ICP 
website for the first time, or the user selecting to 
manually enter the login information once more, or 
the first time use of the user-login-identification 
means, and the ICP stores the login identification 
information in the user-login-identification means 
via the interface module. 

[0041] If the ICP web page is provided with a regis- 
tration information window, the ICP invokes the param- 
eters of the interface module and saves several sets of 
registration information of the same web page or the last 
set of registration information in the user-login-identifi- 
cation means, which can be displayed in the ICP web 
page. In particular 

[0042] The ICP web page is provided with a registra- 
tion information window. The ICP accesses the user- 
login-identification means via the interface module, and 
verities the login identification information provided by 
the ICP web page, and stores the new login identifica- 
tion information data in the user-login-identification 
means to overwrite the original login identification infor- 
mation, and then transfers the relating information to the 
ICP web page. The information is displayed in the web 
page after being obtained. 

[0043] The ICP web page is provided with a plurality 
of window links of the registration information. The ICP 
reads the user-login-identification information stored in 
the user-login-identification means, and verifies the 
login identification information provided by the ICP web 
page, stores the login identification information in the 
user-login-identification means in the case of negative 
verification, or directly reads and transfers the relating 
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information to the ICP web page in the case of positive 
verification. The information is displayed in the web 
page after being obtained. 

[0044] Another embodiment of the invention provides 
a method and a system for authorizing and authenticat- 
ing online among the login verification serving party, the 
ICP and the user-login-identification means to log in the 
network. The method comprises the following steps: 
[0045] According to the invention, the administration/ 
drive module is added by the ICP according to the au- 
thorization of the login verification serving party. The au- 
thorized ICP stores and reads out the user login infor- 
mation via the interface of the interface module (e.g. 
OCX). According to this solution, the ICP only need to 
make simple modifications to the web page. The user 
uses a user-login-identification means with an encryp- 
tion storage space of over 1 M Bytes to store the user's 
login information. The data stored in the encryption stor- 
age space can be accessed by API. The user can acti- 
vate the user-login-identification means of the adminis- 
tration/drive module by using the PIN code. 
[0046] The login verification serving party provides an 
encrypted authentication file for each ICP to authorize 
and authenticate the authorization. Because different 
ICPs have different authentication files, each ICP could 
only access its own data and has no right to access the 
data of other ICP; an OCX is provided, and the ICP adds 
the OCX in its own web page so as to store and read 
out the relating information in the corresponding area of 
the user-login-identification means by invoking the In- 
terface of the OCX. The OCX is also responsible for 
transmitting the ICP authentication files to the server of 
the login verification serving party for verification. 
[0047] The server terminal of the login verification 
serving party is used for verifying the ID of each ICP. 
[0048] The user-login-identification means of the ad- 
ministration/drive module is based on the USB interface, 
and is provided with an encryption storage space of over 
1 M (which can be accessed via the API). There are two 
methods which can perform encryption. Simple encryp- 
tion: protecting an encryption area by using only the user 
PIN code, and if the code is correct, the data stored in 
the encryption storage space can be accessed; PKI en- 
cryption: including RSA 51 2 PKI key management, data 
stream encryption, and multi-key authorization manage- 
ment. 

[0049] Wherein the administration/drive module is re- 
alized as follows: 

[0050] After the administration/drive module is in- 
stalled, a corresponding Tray Icon will be added on the 
user's desktop; and the user can activate or close the 
administration/drive module. The user has to enter the 
password to activate the administration/drive module; 
the administration/drive module monitors the port of the 
user-loginndentrrlcation means, when the user inserts 
the user-login-identification means of the administra- 
tion/drive module, the user is asked to enter the pass- 
word to activate the user-loginHdentrfication means of 
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the administration/drive module. If the user cancels the 
operation or the entered password is not correct, the us- 
er-login-identification means of the administration/drive 
module will not be activated (in an inactive state). When 

5 the user pulls out the user-login-identification means of 
the administration/drive module, the user-login-identifi- 
cation means of the administration/drive module will be 
closed; an function of modifying the PIN code is provid- 
ed for the user as wel as the function for setting up the 

10 submit mode .content input and record mode of the ad- 
ministration/drive module by the user, and the function 
for leading in and leading out the information stored in 
the user-login-identification means of the administra- 
tion/drive module in the case of simple encryption. 

15 [0051] The encrypted authentication file comprising 
the authorization information is provided to the ICP by 
the login verification serving party. 
[0052] The interface module can provide to the ICP 
an interface for reading out or writing to the user-login- 

20 identification means of the administration/drive module; 
transmit the authentication file of the ICP to the login 
verification serving party for verification; and read from 
/write to the administration/drive module via API. 
[0053] The server terminal verifies the ID of the ICP, 

25 and informs the result to the OCX. 

[0054] The invention comprises the following steps: 

1 . The login verification serving party distributes the 
authentication file to the ICP for verifying the ICP ID. 

30 2. The login verification serving party provides to the 
ICP a standard code sample which accesses the 
user-login-identification means of the administra- 
tion/drive module via the Interface of the OCX. The 
ICP adds the storage and read code of the required 

35 data in the web page according to the code sample, 
and adds the link of OCX in the web page. 

3. The user-login-identification means is provided 
with an original PIN code. 

4. The user accesses the ICP website and automat- 
40 ically downloads the software of the user's admin- 
istration/drive module and the OCX (which can also 
be downloaded from the website of the login verifi- 
cation serving party). The user is asked whether the 
software of the administration/drive module should 

45 be installed, and if yes, the installation is performed. 
A corresponding Tray Icon will be added on the us- 
er's desktop after the installation. 

5. The user can activate the administration/drive 
module, close the administration/drive module, 

so modify the PI N code, and lead in/out the information 
stored in the administration/drive module by using 
the administration/drive module software in the 
case that the user-login-identification means of the 
administration/drive module is connected. 

55 6. The user accesses the ICP website, and the ICP 
reads the useNogin-identrfication means of the ad- 
ministration/drive module via the Interface of the 
OCX If the administration/drive module is in the ac- 
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tive state, the OCX will transmit the ICP authentica- 
tion file to the server terminal of the login verification 
serving party for verification. If the ICP is author- 
ized, the server terminal will inform the OCX that 
the access to the user-login-identification means is 
permitted. 

7. If required information is read out, the OCX will 
return the content to the ICP web page code and 
determine whether an automatic submit and login 
should be performed according to the user's setup. 
If the required information is not read out (user has 
not logged in), the OCX will inform the ICP web 
page code that required information is not read out. 

8. The ICP stores data in the user's user-login-iden- 
tification means of the administration/drive module 
via the interface of the OCX when the user logs in 
the ICP website by using a set of registration infor- 
mation for the first time or selects to log in once 
more(user manually enters the registration informa- 
tion). If the administration/drive module is in the ac- 
tive state, the OCX will transmit the ICP authentica- 
tion file to the server terminal of the login verification 
serving party for verification. If the ICP is author- 
ized, the server terminal will inform the OCX that 
the access to the user-login-identification means is 
permitted. The OCX will store the data in the user- 
login-identification means of the administration/ 
drive module. 

[0055] If a user has several sets of registration infor- 
mation in the same registration web page, to save these 
registration information simultaneously or only to save 
the last set is determined by the interface parameters 
added in the web page by the ICP invoking the OCX. 

Particular embodiments: 

[0056] User Mr. Wang; ICP: sina, 263; Mr. Wang's 
personal information is that he has two usemames in 
the sina, wherein the usemame 1 is dingding and the 
password is ding2002 ( and the usemame 2 is joy and 
the password is 991 81 7; and he has two e-mail address- 
es in the 263, wherein the e-mail address 1 is xi- 
aowang@263.net and the password is 991817, the e- 
mail address 2 is xiaowang111@263.net and the pass- 
word is 991817. The user-login-identification means of 
the administration/drive module has an initial password 
of 12345678. 

[0057] The login verification serving party distributes 
the authentication Mies to the sina and the 263(the two 
authentication files are different). At the same time the 
login verification serving party provides to the sina and 
the 263 the standard code sample which accesses the 
user-login-identification means of the administration/ 
drive module via the Interface of the OCX. 
[0058] The sina provides the automatic downloads 
(linking to the website of the login verification serving 
party) of the OCX and the user's administration/drive 



12 

module software in its own website. The sina adds the 
relating code in the member login web page of its own 
website, and when the user opens the web page, the 
sina will read the information in the user-login-identifi- 

5 cation means of the administration/drive module via the 
OCX. When the user logs in manually, the sina stores 
the information (including form number and user's infor- 
mation) in the user-login-identification means of the ad- 
ministration/drive module via the OCX. The sina has set 

10 that the old information will be overlapped by the new 
information in the case that there is the information with 
the same form number and there is not multi-registration 
information link window. 

[0059] The 263 provides the automatic downloads 
15 (linking to the website of the login verification serving 
party) of the OCX and the user's administration/drive 
module software in its own website. The 263 adds the 
relating code in the member login web page of its own 
website, and when the user opens the web page, the 
20 263 will read the information in the user-login-identifica- 
tion means of the administration/drive module via the 
OCX. When the user logs in manually, the 263 stores 
the information (including form number and user's infor- 
mation) in the user-login-identification means of the ad- 
25 ministration/drive module via the OCX. Since there is 
multi-registration information link window in the 263, the 
263 sets that the new information will be stored as a new 
one in the case that there is the information with the 
same form number in the 263. 
30 [0060] Mr. Wang accesses www.sina.com.cn, and 
downloads the administration/drive module software 
and the OCX automatically. When the download com- 
pletes, a dialogue window of "whether the administra- 
tion/drive module software should be installed" is dis- 
35 played. Mr. Wang selects yes and installs the adminis- 
tration/drive module software. When the installation 
completes, a Tray Icon named "the administration/drive 
module software" is added on the desktop. Mr. Wang 
inserts the user-login-identification means of the admin- 
40 istration/drive module, and the administration/drive 
module software prompts " enter the password:", then 
Mr. Wang enters "12345678" and selects yes, so that 
administration/drive module is activated. The Tray Icon 
is shown as in the active state. Mr. Wang clicks the Tray 
45 icon of "the administration/drive module", and selects 
"modify the password", and then enters the password 
of 12345678; and enters the new password of 
wang1817; and confirms the new password of wang 
1817. After the confirmation, the password is modified 
50 into wangl 81 7, and the Tray Icon is still shown as in the 
active state. 

[0061] Mr. Wang selects user-login on the sina home 
page. The relating code added in the member login web 
page by the sina tries to read Mr. Wang's user-login- 
55 identification means of the administration/drive module 
via the interface of the OCX (which introduces the pa- 
rameters such as form number). The OCX accesses the 
user-login-identification means of the administration/ 
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drive module, and confirms that it is in the active state. 
The OCX obtains the sina's authentication file and trans- 
mits it to the administration/drive module. The adminis- 
tration/drive module looks up the relating information in 
Mr. Wang's user-login-identification means of the ad- 5 
ministration/drive module according to the authentica- 
tion file and the form number, and if no required infor- 
mation is found, the OCX will informs the sina that the 
page code does not obtain the required information. Mr. 
Wang enters the login information in which the user- 
name is dingding and the password is ding2002, and 
then logs in. The relating code added in the member 
login web page by the sina tries to store the data in Mr 
Wang's user-login-identification means of the adminis- 
tration/drive module via the interface of the OCX (which 
introduces the parameters such as form number, user 
information, etc.). The OCX accesses the user-login- 
identification means of the administration/drive module 
and confirms that it is in the active state. The OCX ob- 
tains the authentication file of the sina and transmits the 
file to the administration/drive module. The administra- 
tion/drive module looks up the relating information in Mr. 
Wang's user-login-identification means of the adminis- 
tration/drive module according to the authentication file 
and the form number, and the OCX stores the data in 
Mr. Wang's user-login-identification means of the ad- 
ministration/drive module in the case that no identical 
form number is found. Mr. Wang closes the sina and en- 
ters the home page of the sina again, and it is detected 
that the administration/drive module software and the 
OCX have already been downloaded, and the automatic 
download of the administration/drive module software 
and the OCX is not needed. Mr. Wang selects the user- 
login. The relating code added in the member login web 
page by the sina tries to read Mr. Wang's user-login- 
identification means of the administration/drive module 
via the interface of the OCX (which introduces the pa- 
rameters such as form number, etc.). The OCX access- 
es the user-login-identification means of the administra- 
tion/drive module and confirms that it is in the active 
state. The OCX obtains the authentication file of the sina 
and transmits the file to the administration/drive module. 
The administration/drive module looks up the relating in- 
formation in Mr. Wang's user-login-identification means 
of the administration/drive module according to the au- 
thentication file and the form number, and the OCX 
transmits the information to the sina web page code in 
the case that the required information is found. The sina 
web page code obtains the information and then auto- 
matically logs in by using the usemame of dingding and 
the password of ding2002. Mr. Wang selects to log in 
once more and enters the login information in which the 
usemame is joy and the password is 991817, and then 
logs in. The relating code added in the member login 
web page by the sina tries to store the data in Mr. Wang's 
user-login-identification means of the administration/ 
drive module via the interface of the OCX (which intro- 
duces the parameters such as form number, user infor- 



mation, etc.). The OCX accesses the user-login-identi- 
fication means of the administration/drive module and 
confirms that it is in the active state. The OCX obtains 
the authentication file of the sina and transmits the file 
to the administration/drive module. The administration/ 
drive module looks up the relating information in Mr. 
Wang's user-login-identification means of the adminis- 
tration/drive module according to the authentication file 
and the form number, and the OCX stores the new data 
in Mr. Wang's user-log in-identitlcation means of the ad- 
ministration/drive module to overlap the old data in the 
case that the same form number is found. Mr. Wang 
clicks the Tray Icon of the "administration/drive module" 
and selects "close the administration/drive module", and 
then the Tray Icon is shown as in the inactive state. 
[0062] Mr. Wang accesses www.263.net. It is detect- 
ed that the administration/drive module software and the 
OCX have already been downloaded, and the automatic 
download of the administration/drive module software 
and the OCX is not needed. The mail-login relating code 
added in the home page by the 263 tries to read Mr. 
Wang's user-login-identification means of the adminis- 
tration/drive module via the interface of the OCX (which 
introduces the parameters such as form number). The 
OCX accesses the user-login-identification means of 
the administration/drive module and finds that it is in the 
inactive state. The OCX informs the 263 that the page 
code does not obtain the required information. Mr. Wang 
clicks the Tray Icon of the "administration/drive module" 
and selects the "activate the administration/drive mod- 
ule", and then the Tray Icon is shown as in the active 
state. Mr. Wang enters the mail-login information, in 
which the usemame is xiaowang@263.net and the 
password is 991817, and then logs in. The mail-login 
related code added in the home page by the 263 tries 
to store the data in Mr. Wang's user-login-identification 
means of the administration/drive module via the inter- 
face of the OCX (which introduces the parameters such 
as form number, user information, etc.). The OCX ac- 
cesses the user-login-identification means of the admin- 
istration/drive module and finds that it is in the active 
state. The OCX obtains the authentication file of the 263 
and transmits the file to the administration/drive module. 
The administration/drive module looks up the relating in- 
formation in Mr. Wang's user-login-identification means 
of the administration/drive module according to the au- 
thentication file and the form number, and the OCX 
stores the data in Mr. Wang's user-login-identification 
means of the administration/drive module in the case 
that no identical form number is found. Mr. Wang selects 
to log in once more and enters the login information in 
which the usemame is xiaowang111@263.net and the 
password is 991817, and then logs in. The mail-login 
relating code added in the home page by the 263 tries 
to store the data in Mr. Wang's user-login-identification 
means of the administration/drive module via the inter- 
face of the OCX (which introduces the parameters such 
as form number, user information, etc.). The OCX ac- 
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cesses the user-login-identification means of the admin- 
istration/drive module and confirms that it is in the active 
state. The OCX obtains the authentication file of the 263 
and transmits the file to the administration/drive module. 
The administration/drive module looks up the relating in- 
formation in Mr. Wang's user-login-identification means 
of the administration/drive module according to the au- 
thentication file and the form number, and the OCX 
stores the new data in Mr. Wang's user-login-identifica- 
tion means of the administration/drive module without 
changing the old data in the case that the same form 
number is found. Mr Wang closes the 263 and enters 
the home page of the 263 again, and it is detected that 
the administration/drive module software and the OCX 
have already been downloaded, and the automatic 
download of the administration/drive module software 
and the OCX is not needed. Mr. Wang selects the user- 
login. The mail-login relating code added in the home 
page by the 263 tries to read Mr. Wang's user-login- 
identification means of the administration/drive module 
via the interface of the OCX (which introduces the pa- 
rameters such as form number, etc.). The OCX access- 
es the user-login-identification means of the administra- 
tion/drive module and confirms that it is in the active 
state. The OCX obtains the authentication file of the 263 
and transmits the file to the administration/drive module. 
The administration/drive module looks up the relating in- 
formation in Mr. Wang's user-login-identification means 
of the administration/drive module according to the au- 
thentication file and the form number, and the OCX 
transmits the information to the 263 web page code in 
the case that two pieces of required information are 
found. The 263 web page code obtains the information, 
and then displays two usemames ofxiaowang@263.net 
and xiaowang111@263.net in the pulldown box of the 
usemame item. Mr. Wang clicks xiaowang@263.net 
and automatically logs in by using the usemame of xi- 
aowang@263.net and the password of 991817. Mr. 
Wang pulls out the user-login-identification means of the 
administration/drive module, and the administration/ 
drive module software closes the administration/drive 
\ module. The Tray Icon is shown as in the inactive state. 

[0063] The authentication file is an encryption file. The 
authentication file can include the primary information 
such as valid time, valid data segment, etc. wherein the 
valid time defines the period of validity of the authenti- 
cation file. If the authentication file exceeds the valid 
date, it is invalid, and then the login verification serving 
party has to distribute the authentication file to the ICP 
again. The valid data segment defines the valid data 
segment which can be accessed by the ICP in the user- 
login-identification means. The authentication file is 
transmitted to the administration/drive module by the 
OCX and decrypted by the administration/drive module. 
The procedure can also be performed by the following 
method: 

[0064] The login verification serving party distributes 
the authentication file to the ICP, and the OCX transmits 



the authentication file to the login verification serving 
party in the case that the ICP tries to access the user- 
login-identification means, and then the login verifica- 
tion serving party transmits the verification result back 
5 to the OCX. In this case, the authentication file distrib- 
uted to the ICP can only comprise simple index and ver- 
ification information, but the login verification serving 
party has to maintain a whole database of authentication 
files in order to provide more renewal information. 
10 [0065] It is to be understood that the preferred embod- 
iments intend only to explain but not to limit the present 
invention. Although the present invention has been de- 
scribed in detail by referring to the above-mentioned 
embodiments, it should be appreciated that any modifi- 
es cations or equivalents of the invention are not departing 
from the principle of the present invention. 



Claims 

20 

1 . A method for centralizing administration of user reg- 
istration information across networks, character- 
ized by: including at least an Internet Content Pro- 
vider (ICP) and a user-login-identification means 

25 which can access an online terminal; wherein the 
ICP adds an interface module in a login web page 
and accesses the user-login-identification means 
via the interface module, and the ICP also provides 
an administration/drive module monitoring access 

30 of the user-login-identification means to set up a 
connection and hang up the connection for the user- 
login-identification means in the login web page; the 
user-login-identification means is provided with an 
ID number, and user's login identification informa- 

35 tion is stored in the user-login-identification means. 

2. The method of claim 1 , wherein ICP access authen- 
tication information is stored in the user-login-iden- 
tification means to verify whether the accessing ICP 

40 is authorized to access; if the accessing ICP passed 
the verification, its access is permitted, otherwise 
the access is not permitted. 

3. The method of claim 1 or claim 2, wherein the ICP 
45 is permitted to access the user-login-identification 

means only if it is authenticated, when the user- 
login-identification means is activated. 

4. The method of claim 1 , wherein the procedure of 
so authenticating the ICP comprises, obtaining an au- 
thentication file via the interface module, transmit- 
ting the authentication file to the administration/ 
drive module, decrypting the authentication file by 
the administration/drive module, and accessing the 

55 user-login-identification means. 

5. The method of claim 4, wherein the authentication 
file includes ICP identification information and/or 
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specific area guide information of the user-login- 
identification means and/or data processing guide 
information and/or time information. 

6. The method of claim 1 , wherein a registration table 5 
of the ICP identification information is stored in the 
user-login-identification means to guide different 
ICPs to access only the corresponding areas or 
contents while accessing the user-iogin-identifica- 
tion means. 10 

7. The method of claim 1 , wherein different ICPs store 
and read respective login identification information 
in the corresponding areas of the user-login-identi- 
fication means. 15 

8. The method of claim 1 , wherein the administration/ 
drive module can also lead in and/or lead out data 
stored in the user-login-identification means so as 

to backup the data. 20 

9. The method of claim 1 or claim 8, wherein the ad- 
ministration/drive module can also automatically 
log in, in the case that the ICP accesses the user- 
login-identification means via the interface module 25 
and verifies the identification information. 

10. The method of claim 1 or claim 4, wherein the ICP 
accessing the user-login-identification means in- 
cludes checking the user ID identification informa- 30 
tion stored in the user-login-identification means, or 
generating the user ID identification information in 
the user-login-identification means. 

1 1 . The method of claim 1 0, wherein the ICP reads the 35 
information stored in the user-login-identification 
means, and if login identification information is ob- 
tained, the interface module returns the login iden- 
tification information to the ICP web page and de- 
termines whether a login-submit or an automatic <o 
submit & login should be performed according to us- 
er's setup; if the login identification information is 

not obtained, the interface module informs the web 
page that the login identification information is not 
available and stores the generated login identifica- 
tion information in the user-login-identification 
means. 

12. The method of claim 1 0 or claim 1 1 , wherein storing 
the login identification information includes the ICP so 
storing the login identification information in the us- 
er-login-identification means via the interface mod- 
ule, in the case that the user logs in the ICP website 

for the first time, or the user selects to manually en- 
ter the login information once more, or the user- 55 
login-identification means is used for the first time. 

13. The method of claim 10, wherein an ICP web page 



is provided with a registration information window; 
the ICP invokes parameters of the interface module 
and simultaneously saves several sets of registra- 
tion information of a same web page or saves the 
last set of registration information in the user-login- 
identification means, and the registration informa- 
tion can also be displayed on the ICP web page. 

14. The method of claim 13, wherein the an ICP web 
page is provided with a registration information win- 
dow; the ICP accesses the user-login-identification 
means via the interface module and verifies the 
login identification information provided by the ICP 
web page, and stores new login identification infor- 
mation in the user-login-identification means to 
overwrite original login identification information, 
and transfers relating information to the ICP web 
page; the information is displayed on the web page 
after being obtained. 

15. The method of claim 13, wherein the ICP web page 
is provided with a plurality of window links of the reg- 
istration information; the ICP reads the user-login- 
identification information stored in the user-login- 
identification means and verifies the login identifi- 
cation information provided by the ICP web page; if 
verification appears negative, the login identifica- 
tion information is stored in the user-login-identifi- 
cation means, and if positive, the login identification 
information is directly read out and the relating in- 
formation is transferred to the ICP web page; the 
information is displayed on the web page after being 
obtained. 

16. The method of claim 1 , further includes a login ver- 
ification serving party for implementing prior au- 
thentication to the ICP and obtaining guide informa- 
tion of the user-login-identification means. 

1 7. The method of claim 1 6, wherein the ICP is connect- 
ed with a login verification serving party which trans- 
mits a code for accessing the user-login-identifica- 
tion means to the ICP, and the ICP adds the login 
identification information in the login web page ac- 
cording to the code, and the interface module trans- 
mits the ICP information to the login verification 
serving party for verification; if the ICP information 
passed the verification, the ICP is permitted to ac- 
cess the user-login-identification means. 

18. The method of claim 17, wherein the user activates 
the user-logirwdentification means by using a pass- 
word, and then the ICP accesses the login verifica- 
tion serving party for an authentication via the inter- 
face module; if the authentication is valid, the ICP 
can operate the user-login-identification means via 
the interface module. 
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19. The method of claim 18, wherein the actuating 
password used by the user is provided by the login 
verification serving party or preset in the means. 

20. The method of claim 17 or claim 18, wherein the 5 
encryption files of the ICPs transmitted by the login 
verification serving party are different from each 
other. 

21. The method of claim 16, wherein the login verifica- 10 
tion serving party maintains a database of authen- 
tication files so as to manage the authentication 
files. 

22. The method of claim 16 or claim 21, wherein the 15 
login verification serving party is a server. 

23. The method of any one of the above claims, wherein 
the user-login-identification information includes 
ICP identification information or form information or 20 
user identification information or combination of the 
above. 

24. A system for realizing the method of any one of the 
above claims, characterized by, comprising a 25 
computer, Internet networks, an ICP and a user- 
login-identification means, wherein the computer 
can log in the Internet networks to communicate 
with different ICPs; the user-login-identification 
means is capable of accessing the computer from 30 
outside and has at least an identification number 
and encryption storage space; the user-login-iden- 
tification means performs the information transmis- 
sion by operating the computer. 

35 

25. The system of claim 24, wherein the ICP is connect- 
ed with a login verification serving party which trans- 
mits a code for accessing the user-login-identifica- 
tion means to the ICP, and the ICP adds the login 
identification information in the login web page ac- 40 
cording to the code, and the interface module trans- 
mits the ICP information to the login verification 
serving party for verification; if the verification is val- 
id, the ICP is permitted to access the user-login- 
identification means. 45 



29. The system of claim 24, wherein the user-login- 
identification means is also provided with a storage 
region for storing the information of the ICP itself. 

30. The system of claim 24 or claim 27 or claim 28 or 
claim 29, wherein the user-login-identification 
means is an external and portable memory means 
with a standard data interface, or a card-reader 
means or an ID identifying means thereof. 

31. The system of claim 30, wherein the user-login- 
identification means can be a U disk, a CF card, a 
MMC card, a SD card, a SMC card, an IBM Micro 
Drive card, a flash storage module or an IC card. 

32. The system of claim 30, wherein the portable mem- 
ory card-reader means can be a CF card processor, 
a MMC card processor, a SD card processor, a SMC 
card processor, an IBM Micro Drive card processor 
or an IC card processor. 

33. The system of claim 24 or claim 27 or claim 28 or 
claim 29, wherein the user-login-identification 
means is a computer peripheral, such as a key- 
board, a mouse, a handwriting board or sound box- 
es. 

34. The system of claim 24 or claim 27 or claim 28 or 
claim 29, wherein the user-login-identification 
means is a portable PDA, a music player or an elec- 
trical dictionary. 



26. The system of claim 25, wherein the login verifica- 
tion serving party is a server. 

27. The system of claim 24, wherein information trans- 50 
mission between the computer and the user-login- 
identification means should be processed with en- 
cryption or decryption. 

28. The system of claim 25, wherein the encryption in- 55 
eludes protecting an encryption area by using the 
user's PIN code or utilizing RSA 512PKI key man- 
agement encryption method. 
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